Good afternoon Jamf Nation,
We’re excited to launch Jamf Connect Login 1.0.0, now integrated with Azure Active Directory and Jamf Connect Verify 1.0.0. Details about the release are below.
Please let me know if you have any questions or concerns about this release!
- Login Admin Guide with Release Notes
- Verify Admin Guide with Release Notes
- KB Article for Deploying Jamf Connect
- KB Article for Jamf Connect Verify Preference Keys
- KB Article for Using authchanger with Jamf Connect
- KB Article for Integrating Open ID Connect with Jamf Connect
- Azure Integration Press Release
We are working on the updates for Jamf Connect Sync, but are currently running it through some more testing. Since many people already have NoMAD Pro installed, we are being very careful with the upgrade workflows.
As we get closer to release we will have beta releases and more info available.
Hang in there, we haven't forgotten about you.
Great news. Will there be some online product walkthrough or webinar released for this new product, as seeing something is often better than reading :)
We are not running LDAP. Will information from Azure be able to be uploaded to Jamf with AD preference settings like full name, email, phone number, location, etc.?
Jamf Connect is a welcome addition. However it would increase its usefulness massively if it was not limited to just Active Directory and Azure (AD).
Active Directory was already reasonably well supported by Apple's built-in AD client, OpenDirectory is also of course well supported by Apple's built-in OD client. Other LDAP servers are effectively not supported at all.
Yes, one can manually define field mapping for other LDAP servers, but note the use of the word manually. Trying to use, say, FreeIPA is pretty much a lost cause; OpenLDAP is not much better, despite the fact it is a lot better known and OpenDirectory is based on it.
One of the major issues is the inability to get password reset requests to work at the login screen stage.
If Jamf Connect stepped up to the plate and provided seamless connectivity to other LDAP services, especially in our case FreeIPA, then I would go for it in a flash.
Note: I did manage manually to get a Mac to talk to FreeIPA, and even the creation and use of Mobile accounts, but the one thing I could not get working was login screen password reset requests. Changing the password oneself via System Preferences did work. Changing the password via System Preferences worked via a Kerberos connection, but a password reset requirement at the login screen happens before the login is complete, and hence you have no Kerberos ticket at that point. With FreeIPA and OpenLDAP having no equivalent of Apple's Password Server, you are stuck.
@jonathanwilson You can use the open source version, NoMAD Login; that is what Jamf told me when I asked. I also, just like you, have a local AD and I am using NoMAD Open Source, found here: https://nomad.menu/support
Jamf Connect I was told is for OKTA/Azure and soon if not already for Google Secure LDAP, anyone can correct me if I am wrong!
For local AD infrastructures NoMAD remains as the best solution for casual binding to local AD.
The Jamf Connect products use cloud IdP solutions for authentication.
We realize that a lot of folks still have local AD resources they would like to access with local Kerberos. Jamf Connect Verify, NoMAD Pro, and the upcoming Jamf Connect Sync all allow you to authenticate to your IdP and then also retrieve local Kerberos tickets from on-prem AD.
In a nutshell:
- If you only have on-prem AD, use NoMAD solutions.
- If you only have an IdP, use Jamf Connect solutions.
- If you have IdP as your authentication source and local AD resources, use Jamf Connect solutions.
I hope this helps clear things up a bit.